6 matches found
CVE-2025-49141
The CVE-2025-49141 entry concerns HAX CMS PHP (pre-11.0.3) with an OS command injection in the gitImportSite flow. The issue arises when gitImportSite retrieves a URL from a POST request and performs insufficient input validation; later, set_remote passes the input to proc_open, enabling an attac...
CVE-2025-49138
HAX CMS PHP before v11.0.0 is vulnerable to an authenticated Local File Inclusion via the saveOutline API. The backend stores the provided location value directly into site.json without validation, allowing an attacker to craft a relative path (for example ../../../etc/passwd) to read arbitrary f...
CVE-2025-49139
CVE-2025-49139 pertains to HAX CMS (NodeJS/PHP) prior to version 11.0.0. The issue arises from a website block in the HAX site editor that lets an authenticated user specify a target URL to load in an iframe. When a user visits the attacker-controlled HAX site, the client’s browser requests the s...
CVE-2025-49137
HAX CMS PHP prior to 11.0.0 is vulnerable to stored XSS via the saveNode and saveManifest endpoints, where unsanitized user input is stored in the site JSON schema and rendered in the generated microsite. The issue allows execution of arbitrary JavaScript through HTML tags (notably without using ...
CVE-2025-54378
CVE-2025-54378 affects HAX CMS backends (nodejs and PHP). The issue is that API endpoints do not verify authorization for resource interactions, only checking authentication, allowing an authenticated user to perform privileged operations. Affected versions: haxcms-nodejs ≤ 11.0.13 and haxcms-php...
CVE-2025-53642
The CVE concerns haxcms-nodejs and haxcms-php backends for HAXcms. The logout flow does not terminate the user session or clear cookies, and a refresh token is issued on logout, enabling potential continued access. Affected versions are haxcms-nodejs and haxcms-php prior to 11.0.6. The issue is m...